In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

The malware worm taking over the computers goes by the names “WannaCry” or “Wanna Decryptor.” It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin. At this point, one’s computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).

Ransomware is not new; for victims, such an attack is normally a colossal headache. But today’s vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly healthcare, communications infrastructure, logistics, and government entities.

Reuters says “hospitals across England reported the cyber attack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies,” and that “the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.”

The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting–these things move extremely quickly).

According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries.

Most importantly, unlike previous massively replicating computer worms and ransomware infections, today’s ongoing WannaCry attack appears to be based on an attack developed by the NSA, codenamed ETERNALBLUE. The U.S. software weapon would have allowed the spy agency’s hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in government) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance. Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up. As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

The infection will surely reignite arguments over what’s known as the Vulnerabilities Equity Process, the decision-making procedure used to decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, told The Intercept plainly: “Today’s ransomware attack is being made possible because of past work undertaken by the NSA,” and that “ideally it would lead to more disclosures that would improve the security of devices globally.”

But even if the NSA were more willing to divulge its exploits rather than hoarding them, we’d still be facing the problem that too many people really don’t seem to care about updating their software. “Malicious actors exploit years old vulnerabilities on a routine basis when undertaking their operations,” Parsons pointed out. “There’s no reason that more aggressive disclosure of vulnerabilities through the VEP would change such activities.”

A Microsoft spokesperson provided the following comment:

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.”

"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)

FYI, they don't ship the "disc" with new PCs and haven't now for about 10 years. You can make a restore set of DVDs IF you know how to do that and do it BEFORE you get infected.

Re-install is OK if you have your data backed up on a "clean" storage drive. Or better yet, if you have a storage drive with a complete backup IMAGE of your current Windowz operating system.

Every version of Windowz starting with Vista has the capability of creating an IMAGE that can be used to restore your complete system to the date it was created. I've got images of ALL my systems stored on a 2TB drive that stays offline and I create new ones about once a month so they can be "somewhat" current. Only thing I'd lose would be stuff that was added between the last Image and the current event that required a re-image of the drive.

I'm wondering how long it's going to be before "The Cloud" storage gets hacked and held for ransom!

1- Image disk, then Back up, when ransomware installs, tell them to pound sand.

There, done.

That's a noble thought and my Wife and I do that with our computers here at home, but, most ppl aren't tech savvy enough to do that, if you know what I mean, which is probably the reason they get hacked to begin with!

You're exactly right Ken, but with the free apps (see majorgeeks.com) and huge 128G thumbdrives available, imo there is no excuse.

Aside: Wonder how many gas stations' credit/debit machines are using windows 98? I could crack those

FYI the imaging software is built into every version of Windowz starting way back with Windowz Vista so there's no need to download anything from the "Geeks" to do that.

RE: 128GB thumb drives? For some typical home systems yes, but my Darling Wife's Windowz 7 Dell laptop that she does her website work on required 266GB of space available when I made a back up hard drive Image of it last Tuesday to my two 2TB backup drives!